Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf

From: Devrim Gündüz <devrim(at)gunduz(dot)org>
To: Mads(dot)Tandrup(at)schneider-electric(dot)com,pgsql-general(at)postgresql(dot)org
Subject: Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf
Date: 2013-04-04 16:43:34
Message-ID: d252077c-7ce0-4d48-91bd-5d32cc99de88@email.android.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hi,

pg_hba.conf does not have protection for this security issue.

Regards, Devrim

Mads(dot)Tandrup(at)schneider-electric(dot)com wrote:

>Hi All
>
>
>I'm trying to understand the implications of the latest security fix to
>postgresql [1].
>
>
>We have a setup were we in pg_hba.conf have limited the allowed IP
>addresses of the clients. But does anyone know if CVE-2013-1899 allows
>an arbitrary attacker to use the exploits described in [1]?
>
>
>We are using PostgreSQL 8.4.
>
>
>Best regards,
>
>Mads
>
>
>[1] http://www.postgresql.org/support/security/faq/2013-04-04/

--
Devrim Gündüz

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Bruce Momjian 2013-04-04 16:44:37 Re: CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf
Previous Message Mads.Tandrup 2013-04-04 16:39:22 CVE-2013-1899 security issue and limited IP addresses in pg_hba.conf